
I have a few secrets in AWS that were created manually. Is there a way to list them with data "aws_secretsmanager_secret"?

My goal is to get a list/index of the ARNs and then use it in a dynamic block. I want to try and avoid writing multiple data source blocks.

All the secrets have a similar naming prefix:

db-credentials/${var.env-name}/<db-user>

The <db-user> changes of course from user to user. So I guess I'm looking to iterate with a data source over all secrets which fall into this naming pattern and get a list of their ARNs. After that, use each ARN inside a dynamic block.

The dynamic block will be used inside resource "aws_db_proxy" in the auth block.

JimmyJazz

1 Answer


If anyone finds this useful, I managed to do it like this:

locals {
  secrets_list = [
    "db-credentials/${var.env-name}/user1",
    "db-credentials/${var.env-name}/user2",
    "db-credentials/${var.env-name}/user3"
  ]
}

data "aws_secretsmanager_secret" "rds_secrets" {
  for_each = toset(local.secrets_list)
  name     = each.key
}

resource "aws_db_proxy" "rds_db_proxy" {
  name                = "${var.env-name}-rds-proxy"
  engine_family       = "MYSQL"
  idle_client_timeout = 900
  require_tls         = true
  # ...

  dynamic "auth" {
    for_each = local.secrets_list
    content {
      secret_arn  = data.aws_secretsmanager_secret.rds_secrets[auth.value].arn
      auth_scheme = "SECRETS"
      iam_auth    = "REQUIRED"
    }
  }
}
JimmyJazz
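The accepted answer still hard-codes every secret name. As an added example (not code from the question or the answer), the plural `aws_secretsmanager_secrets` data source can discover the secrets by name prefix, so the proxy's auth block follows whatever exists under `db-credentials/<env>/` without editing the list. It assumes an AWS provider version that ships that data source, a caller allowed `secretsmanager:ListSecrets`, and the hypothetical variables `var.proxy_role_arn` and `var.vpc_subnet_ids`.

```hcl
# Added example, not the original poster's code. Assumes the plural
# aws_secretsmanager_secrets data source is available in the provider and
# that var.proxy_role_arn / var.vpc_subnet_ids are defined elsewhere.

data "aws_secretsmanager_secrets" "rds" {
  filter {
    name = "name"
    # The ListSecrets "name" filter is a prefix match. The trailing "/"
    # keeps env "prod" from also matching "prod2" or "production".
    values = ["db-credentials/${var.env-name}/"]
  }
}

locals {
  # Sort so the generated auth blocks are stable between plans.
  rds_secret_arns = sort(tolist(data.aws_secretsmanager_secrets.rds.arns))
}

resource "aws_db_proxy" "rds_db_proxy" {
  name                = "${var.env-name}-rds-proxy"
  engine_family       = "MYSQL"
  idle_client_timeout = 900
  require_tls         = true
  role_arn            = var.proxy_role_arn
  vpc_subnet_ids      = var.vpc_subnet_ids

  # One auth entry per discovered secret; the proxy role still needs
  # secretsmanager:GetSecretValue on exactly these ARNs, nothing broader.
  dynamic "auth" {
    for_each = toset(local.rds_secret_arns)
    content {
      secret_arn  = auth.value
      auth_scheme = "SECRETS"
      iam_auth    = "REQUIRED"
    }
  }
}
```

Because the data source is evaluated at plan time, a new secret created under the prefix changes the proxy on the next apply, so review the plan diff for auth entries you did not expect.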